ACK: [SRU groovy 0/9] CVE-2021-3347
Kleber Souza
kleber.souza at canonical.com
Wed Mar 10 13:46:46 UTC 2021
On 09.03.21 18:03, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> This fixes CVE-2021-3347, where userspace could provoke EFAULT during a futex
> operation leading to inconsistent internal kernel state, which could then be
> exploited. Privilege escalation cannot be ruled out.
>
> [Test plan]
> I tested stress-ng --futex, kselftest futex, glibc nptl tests, ltp futex tests,
> perf bench futex, and some odd reproducers for past issues. No apparent
> regressions.
>
> [Potential regressions]
> futex is used in pthreads. So, parallel programs that use futexes for mutual
> exclusion can fail or deteriorate, with lockups, race conditions, or bad
> performance.
>
> [Fixes]
> I ended up picking up some pre-req commits, rather than fixing up everything
> with backports. Only one treewide commit was skipped and required a simple
> backport. The pre-reqs were cleanups, rather than fixes for open bugs.
>
> André Almeida (2):
> futex: Remove put_futex_key()
> futex: Remove needless goto's
>
> Thomas Gleixner (7):
> futex: Replace pointless printk in fixup_owner()
> futex: Ensure the correct return value from futex_lock_pi()
> futex: Provide and use pi_state_update_owner()
> rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
> futex: Use pi_state_update_owner() in put_pi_state()
> futex: Simplify fixup_pi_state_owner()
> futex: Handle faults correctly for PI futexes
>
> kernel/futex.c | 300 ++++++++++++--------------------
> kernel/locking/rtmutex.c | 3 +-
> kernel/locking/rtmutex_common.h | 3 +-
> 3 files changed, 116 insertions(+), 190 deletions(-)
>
Well tested, most of the changes are for clean-up and the commit
with the real fix is a clean cherry-pick.
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>